Method for Enjoying a Service Through a Mobile Telephone Terminal and Subscriber Identification Card for Implementing It

ABSTRACT

A method is provided which allows a service to be enjoyed through a mobile telephone terminal without the need of paying for this service. The can be achieved by allowing a first subscriber to use the credit or subscription of a second subscriber. The subscriber identification cards at least of the two subscribers involved are provided with short range radio communication transceivers and establish a short range communication channel between them so that one card may request the other card to pay for this service and the other card may grant this request through this channel. Then the mobile telephone networks of the cards are informed of the granted request. Before, during and after the grant of the request, the subscriber identification cards remain active and operative in communicating together and with the associated terminals.

FIELD OF THE INVENTION

The present invention relates to a method for enjoying a service througha mobile telephone terminal and to a subscriber identification card forimplementing it.

BACKGROUND OF THE INVENTION

Nowadays, in order to use a mobile telephone terminal, a telephonesubscriber identification card is to be inserted within it. Such card isgenerally called UICC [Universal Integrated Circuit Card]; for GSM[Global System for Mobile communications] the UICC contains a SIM[Subscriber Identity Module] application and for UMTS [Universal MobileTelecommunications System] the UICC contains a USIM [UniversalSubscriber Identity Module] application; UICC may contain severalapplications, making it possible for the same card to give access toe.g. both GSM and UMTS networks and also to provide storage of otherapplications and/or of user data, for example a phone book.

Telephone subscriber identification cards securely store not onlysubscriber identification information but also subscriber authenticationinformation; for example, a SIM card stores an IMSI [InternationalMobile Subscriber Identity] code and a KI [Authentication Key] code.

A mobile telephone operator provides its subscribers with at least avoice communication service and very often other services like datacommunication services (e.g. GPRS [General Packet Radio Service], WAP[Wireless Application Protocol] internet navigation, FTP [File TransferProtocol] download or upload, SMS [Short Message Service] transfer, MMS[Multimedia Messaging Service] transfer, DVB-H [Digital VideoBroadcasting—Handheld] reception), entertainment services (e.g. playbackof multimedia content protected by DRM [Digital Rights Management]) andother more specific services. A user may be subscribed (i.e. enabled) toone or more of these services and is generally called a subscriber.

A subscriber may pay the subscribed services basically in two differentways: in credit mode or in debit mode; in debit mode, the subscriberpays money before using services and accumulates a credit that can beused afterwards; in credit mode, the subscriber uses services andaccumulates a debit that can be settled afterwards. The payment mode ispart of the user subscription with the mobile telephone operator.

It may happen (A) that a subscriber would like to use one of hissubscribed services but he has no or not enough credit or (B) that asubscriber would like to use one of his subscribed services but he doesnot want to pay for it.

In these cases, a first option for the first subscriber is to ask asecond subscriber to use his mobile telephone terminal (this option maybe used if the second subscriber is subscribed to the service ofinterest to the first subscriber); a second option for the firstsubscriber is to ask a second subscriber to extract the telephonesubscriber identification card from the mobile telephone terminal of thesecond subscriber and then to insert it into the mobile telephoneterminal of the first subscriber (this option may be used if the serviceof interest to the first subscriber does not require any specificinformation that is securely contained in the subscriber identificationcard of the first subscriber).

Both options are awkward and can not always be used.

Patent application WO 03/084265 discloses a method and an apparatus foraccessing a network using remote subscriber identity information.Subscriber identity information in a memory within a device such as amobile terminal can be remotely used by a second independent device. Inthe case of a GSM terminal, for example, one terminal would be able toutilize the subscriber identity information contained in the subscriberidentity module (SIM) of another terminal by establishing a localcommunication link between the two terminals. Remote subscriber identityinformation is transferred over the local communication link and thecommunication terminal, which is using the remote subscriber identityinformation, can register with the telephone network using thatinformation, thus, eliminating the need to transfer the SIM.

The idea of using subscriber identity information located or locatableremotely from the mobile telephone terminal was known even before theabove mentioned patent application.

Patent application WO 99/59360 discloses an arrangement forcommunication of subscriber identity module related data in a wirelesscommunication system. The arrangement comprises a wireless communicationterminal with a subscriber identity unit which is adapted to comprise asubscriber identity module to which a subscriber identity is assigned.This patent application discloses also a method for communication ofsubscriber identity module related data in a wireless communicationsystem for implementation in a wireless communication terminal with asubscriber identity unit. The subscriber identity unit is arranged tocommunicate the subscriber identity module related data such as thesubscriber identity with the terminal over a local wirelesscommunication link. The arrangement according to this patent applicationmakes it possible to separate the subscriber identity unit from theterminal while the terminal is communicating in the wireless system.

Patent application US 2003/0211861(now U.S. Pat. No. 6,985,756)discloses an apparatus and a method that provide remote access tosubscriber identity information and subscriber configuration informationstored on one or more subscriber identity modules (SIMs) in order toallow remote configuration of wireless communications devices. A SIMserver provides access to the SIMs, a SIM librarian catalogues the SIMs,and a SIM accounting system tracks and/bills for SIM usage. Theapparatus and method provide remote access to proxy wirelesscommunications devices, allowing such devices to operate as if actuallypresent in the remote locations.

SUMMARY OF THE INVENTION

The Applicant has understood that the basic idea behind the solutionaccording to patent application WO 03/084265 is that a first mobiletelephone terminal “electronically borrows” a SIM card from a secondmobile telephone terminal.

Anyway, the Applicant has also understood that the way in which thisbasic idea is implemented according to patent application WO 03/084265has a number of disadvantages. According to this implementation, theterminal that “borrows” an external SIM card deactivates its internalSIM card; in this way, the user of this terminal can not use any of hisuser data, for example his phone book, and can no longer receive phonecalls directed to him; additionally, the mobile telephone terminal needsto be specifically designed as it must able to communicate directly withanother mobile telephone terminal and to deactivate/activate itsinternal SIM card. Still according to this implementation, bothsubscriber identification and authentication information are transferredfrom the SIM card of one terminal to a CPU memory of another terminal;in this way, very important secret information leave the protectedenvironment of a SIM card and, what is worse, are stored into a freelyaccessible memory area.

The present invention aims in general at finding a solution for enjoyinga service through a mobile telephone terminal without the need ofdirectly paying for this service; precisely, the technical problembehind the present invention is how a first subscriber can to use thecredit or subscription of a second subscriber.

More in particular, the solution should be practical and not awkward(e.g. no physical exchange of subscriber identity cards), should notrequire changes to existing mobile telephone terminals and should notallow abuses of user subscriptions and user data.

Advantageously, the solution should be flexible in terms of number andextent of services “borrowed” by one subscriber from another subscriber.

In order to solve the above mentioned problem, the Applicant hasconceived that subscriber identification cards (at least of the twosubscribers involved) be provided with a short range radio communicationtransceiver and establish a short range communication channel betweenthem so that a first card may request to a second card to pay for one ormore services and the second card may grant this request through thischannel and then the mobile telephone networks of the cards are informedof the granted request; before, during and after the grant of therequest the subscriber identification cards remain active and operativein communicating together and with the associated terminals.

The payment authorisation request is typically due to an input providedby a first user to the mobile telephone terminal where the first card isinstalled and the grant of the request is typically due to an inputprovided by a second user to the mobile telephone terminal where thesecond card is installed.

The request and/or the grant may comprise information specifying theauthorisation scope, for example a period of time corresponding to theauthorisation duration and/or an amount of money corresponding to theauthorised payment.

The service enjoyed by the first subscriber thanks to the grantedrequest may be fixed and predetermined or may be variable and, in thelatter case, the request and/or the grant may comprise informationspecifying the service.

Preferably both mobile telephone terminals inform the mobile telephonenetworks of the granted authorisation. If the mobile telephone networksare different, an exchange of information may occur between thenetworks.

If one terminal only makes the notification to its network, thisterminal may transmit information about both terminals and/orsubscribers.

According to a typical application of the present invention, a firstmobile telephone terminal requests its mobile telephone network to beassociated to the identity of a second subscriber identification card,and a second mobile telephone terminal requests its mobile telephonenetwork to be associated to the identity of the first subscriberidentification card; in this way an “identity exchange” is achieved.

Advantageously, even in case of “identity exchange”, due to the factthat the network or networks may be fully aware the exchange ofidentity, calls addressed to the first subscriber identification cardmay be directed to the first mobile telephone terminal and telephonecalls addressed to the second subscriber identification card may bedirected to the second mobile telephone terminal. More specifically, theexchange of identity between said first mobile telephone terminal andsaid second mobile telephone terminal may be effective for billingpurposes only.

Advantageously, in case of “identity exchange”, any authenticationprocedure of a subscriber identity is carried out through the card thatrightfully holds this identity; in this way, there is no need totransmit authentication information securely stored within the card.This means that if an identity authentication is requested by e.g. themobile telephone network during an “identity exchange”, the two cardsexchange information packets in order to correctly reply to the identityauthentication request; preferably, the channel used for such exchangeof information is secured and/or the exchanged information is encrypted(technologies for these purposes are already known and available).

One of the services that can be borrowed according to the presentinvention is an information (for example songs, movies, . . . ) downloadservice; more and more in the future, these services will be providedthrough a DRM [Digital Right Management] system that allows enjoyment ofthe downloaded information only to e.g. the subscriber. In case of“identity exchange”, if such a system is used, the encryption ofinformation is done for the benefit of the true identity and not of theexchanged/borrowed identity even if the download is paid by thesubscription associated to the exchanged/borrowed identity.

Basically, the termination of the authorisation by a second subscriberto a first subscriber may take place in three different ways: (A) any ofthe mobile telephone networks understands from the scope of theauthorisation that the authorisation is exhausted, (B) any of the mobiletelephone terminals informs the mobile telephone network that theauthorisation is terminated due to the will of its subscriber, (C) anyof the mobile telephone terminals detects that the short rangecommunication channel is interrupted and consequently informs the mobiletelephone network that the authorisation is terminated due to technicalproblems.

According to another aspect, the present invention also relates to asubscriber identification card having technical features adapted forimplementing the above described method.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will become more apparent from the followingdescription to be considered in conjunction with the annexed drawing,wherein:

FIG. 1 shows schematically a simplified scenario wherein the presentinvention may be applied,

FIG. 2 is diagram where messages between various entities are shownaccording to an embodiment of the present invention,

FIG. 3 is a flow chart relating to a first subscriber identificationcard (the borrowing card) according to an embodiment of the presentinvention,

FIG. 4 is a flow chart relating to a second subscriber identificationcard (the lending card) according to an embodiment of the presentinvention,

FIG. 5 is a detailed flow chart of one step (authentication request fromanother card) of the flow charts of FIG. 3 and FIG. 4,

FIG. 6 is a detailed flow chart of one step (authentication request fromthe network) of the flow charts of FIG. 3 and FIG. 4,

FIG. 7 is a detailed flow chart of one step (other requests) of the flowcharts of FIG. 3 and FIG. 4, and

FIG. 8 shows schematically a more complex scenario wherein the presentinvention may be applied.

It is to be understood that the following description and the annexeddrawings are not to be interpreted as limitations of the presentinvention but simply as exemplifications.

Additionally, it is to be noted that the present invention will beprimarily described with reference to a simplified application scenario(FIG. 1) wherein both subscriber identity cards are associated to thesame mobile telephone network; anyway, the present invention isapplicable also to a more general case (FIG. 8) wherein the twosubscriber identity cards are respectively associated to two differentmobile telephone networks.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 shows a mobile telephone network N, a first mobile telephoneterminal T1 with which a first subscriber identification card C1 isinserted and a second mobile telephone terminal T2 with which a secondsubscriber identification card C2 is inserted; in particular network Nis a GSM or UMTS network, terminals T1 and T2 are two mobile phones andcards C1 and C2 are two SIM cards.

Both mobile telephone terminals T1 and T2 are adapted to communicatewith the mobile telephone network N by means of internal long rangeradio communication transceivers L1 and L2 and of the subscriberidentification cards C1 and C2 inserted within them, and are adapted tocommunicate with other mobile telephone terminals by means of shortrange radio communication transceivers S1 and S2 respectively integratedinto the subscriber identification cards C1 and C2. Subscriberidentification cards C1 and C2 stores identification and authenticationinformation relating respectively to a first subscriber U1 and a secondsubscriber U2 (other information is stored in a SIM card, as well knownin the art) and allow the enjoyment of one or more service provided bythe mobile telephone network N such as for example voice communication,data communication (e.g. GPRS, WAP navigation. FTP download), SMStransfer; in other terms subscribers U1 and U2 have subscriptions forsome services provided by the network with credit payment or debitpayment.

Terminals T1 and T2 are standard mobile telephone terminals, for examplemobile phones or computers associated or integrated with a mobile phone.

Cards C1 and C2 may have the architecture and the internal operationdisclosed e.g. in patent applications WO2005104584 and WO2006056220 ofthe same Applicant; anyway, in order to implement the present invention,specific functionalities (implemented e.g. in firmware) are necessaryfor these cards.

For the purpose of the present invention it is worth mentioning thatsubscriber identification cards C1 and C2 comprises respectivelyinterfaces I1 and I2, transceivers S1 and S2 and processing units P1 andP2; the interfaces I1 and I2 are adapted to connection to a mobiletelephone terminal (for example T1 and T2) in order to allow long rangedirect communication of the mobile telephone terminal with the mobiletelephone network N; the transceivers S1 and S2 are adapted to shortrange direct communication with other subscriber identifications cardsand use in particular the ZigBee technology which is a very reliable andsafe short range communication technology.

Processing units P1 and P2 comprise memories M1 and M2 for storing dataand programs; a first part of each of the memories M1 and M2 is volatile(for example RAM) and a second part is non-volatile (for example EPROMand/or EEPROM and/or FLASH). One or more of the stored programs allow tocontrol the transceiver and the interface. Some of the securely andpermanently stored data relate to identification and authenticationinformation of a first subscriber (U1 for C1 and U2 for C2), i.e. therightful subscriber; other of the securely but non-permanently storeddata may relate to identification and authentication information of asecond subscriber, e.g. a “lending” subscriber.

In FIG. 1, a bidirectional short range communication channel (CH) isestablished between terminals T1 and T2 (more specifically between cardsC1 and C2), a bidirectional long range communication channel isestablished between terminal T1 and network N and a bidirectional longrange communication channel is established between terminal T2 andnetwork N.

In general, according to the present invention, a method for enjoying aservice through a mobile telephone terminal comprises the followingsteps:

-   -   A) providing a first mobile telephone terminal (T1) with a first        subscriber identification card (C1) associated to the identity        of a first subscriber; the first terminal (T1) is adapted to        communicate with a first mobile telephone network (N1) by means        of a long range radio communication transceiver (L1), and the        first card (C1) is adapted to communicate with other subscriber        identification cards (C2) by means of a short range radio        communication transceiver (S1); additionally, the first card        (C1) allows the enjoyment of a service provided by the first        mobile telephone network (N1),    -   B) providing a second mobile telephone terminal (T2) with a        second subscriber identification card (C2) associated to the        identity of a second subscriber; the second terminal (T2) is        adapted to communicate with a second mobile telephone network        (N2) by means of a long range radio communication transceiver        (L2), and the second card (C2) is adapted to communicate with        other subscriber identification cards (C1) by means of a short        range radio communication transceiver (S2),    -   C) establishing a short range communication channel (CH) between        the first card (C1) and the second card (C2) by means of their        short range radio communication transceivers (S1,S2),    -   D) transmitting from the first card (C1) to the second card (C2)        by means of the channel (CH) a request to authorise a payment to        be charged to the second subscriber for the benefit of the first        subscriber,    -   E) transmitting from the second card (C2) to the first card (C1)        by means of the channel (CH) a grant of said payment        authorisation request,    -   F) informing the networks (N1, N2) of the granted request to be        implemented by the networks (N1, N2) through the association of        the identity of the first subscriber to the second terminal (T2)        and of the identity of the second subscriber to the first        terminal (T1),    -   and    -   G) enjoying said service through the first terminal (T1) based        on said granted request. Typically, before, during and after        step F both the first card (C1) and the second card (C2) are        active and operative in communicating together and with the        associated terminals (T1, T2).

As already said, in the embodiment of FIG. 1, the first network and thesecond network correspond to the same mobile telephone network N; while,in the embodiment of FIG. 8, two different and distinct networks N1 andN2 are provided.

The above method was conceived according to a borrow/lend paradigm andfor a limited time (from few minutes to few hours) even if, in theory,it may last for a longer time.

The above process steps (C, D, E and F) are carried out typically andadvantageously thanks to one or more programs stored in the subscriberidentification cards; therefore no changes are required to the mobiletelephone terminals.

In the following reference is made to the embodiment of FIG. 1.

Step D is carried out after that the subscriber U1 has providedappropriate input (for example a command) to the mobile telephoneterminal T1 where the card C1 is installed and step E is carried outafter that the subscriber U2 has provided appropriate input (for examplea command) to the mobile telephone terminal T2 where the card C2 isinstalled.

The request from subscriber U1 and/or the grant by subscriber U2 maycomprise information specifying the authorisation scope, for example aperiod of time (for example 1 hour) corresponding to an authorisationduration and/or an amount of money (10 Euros) corresponding to anauthorised payment, desired by subscriber U1 for enjoying a service. Thescope of the authorisation highly depends on the requested service; forexample, for an SMS service the scope may correspond to the number ofSMS messages that can be transmitted, for an FTP download service thescope may correspond to the number of Mbytes or items (for examplesongs) that can be downloaded, for a DVH-H service the scope maycorrespond to the identification code of a broadcasted program (forexample a football match).

According to simple embodiments of the present invention, the servicesthat can be borrowed and lent are fixed and predetermined and corresponde.g. to all the services of the subscription of the requestingsubscriber U1. According to more sophisticated embodiments, the servicethat can be borrowed and lent is variable and can be selected by theuser; in this case, the authorisation request from subscriber U1 and/orthe authorisation grant by subscriber U2 may comprise informationspecifying the desired service or services.

Preferably both mobile telephone terminals T1 and T2 informs the mobiletelephone network N of the granted authorisation; this is typicallycarried out by means of the long range radio communication transceiversL1 and L2. Such notification to the network N typically comprisesinformation about the identity of the two subscribers U1 and U2 and, ifnecessary, the scope of the authorisation and/or the borrowed/lentservice or services.

In order to have the network N aware of the identities of the twosubscribers U1 and U2 that have agreed on a borrowed/lent service, thepayment authorisation request may comprise information specifying theidentify (for example the IMSI code) of the requesting subscriberidentification card (i.e. C1), and the payment authorisation grant maycomprise information specifying the identify (for example the IMSI code)of the granting subscriber identification card (i.e. C2). In this way,when terminal T1 notifies the network N it may provide the identity ofthe granting card C2 and when terminal T2 notifies the network N it mayprovide the identity of the requesting card C1.

According to a typical application of the present invention, mobiletelephone terminal T1 requests the mobile telephone network N to beassociated to the identity of the subscriber identification card C2, andmobile telephone terminal T2 requests the mobile telephone network N tobe associated to the identity of the subscriber identification card C1;in this way, an “identity exchange” is achieved with all the servicesassociated to these cards.

According to this typical application, before step F both the mobiletelephone terminals T1 and T2 may first deregister from the mobiletelephone network N and then register again to the mobile telephonenetwork N; in this way, the network N is not aware that an “identityexchange” has occurred.

Alternatively and advantageously, according to this typical applicationof “identity exchange”, the network N becomes fully aware of theexchange of identity (thanks to the notification by the terminals T1 andT2) and arranges so that calls addressed to the subscriberidentification card C1 are anyway directed to the mobile telephoneterminal T1 and telephone calls addressed to the subscriberidentification card C2 are anyway directed to the mobile telephoneterminal T2 (as it is know, a mobile telephone terminal is identified bythe IMEI [International Mobile Equipment Identity] code); in this way,the exchange of identity is effective for billing purposes but not forphone call reception purposes. More specifically, the exchange ofidentity between the mobile telephone terminal T1 and the mobiletelephone terminal T2 may be effective for billing purposes only.

Advantageously, in case of “identity exchange”, any authenticationprocedure of a subscriber identity is carried out through the card thatrightfully holds this identity; in this way, there is no need totransmit authentication information securely stored within the card.This means that if an identity authentication is requested to terminalT1 by e.g. the mobile telephone network N during an “identity exchange”,the card C1 forward the received authentication request to card C2 andthen waits for an authentication response from card C2 in order tocorrectly reply to the identity authentication request; on the contrary,if no “identity exchange” is active, card C1 replies directly to anyauthentication request from the network N based on the authenticationinformation stored in its memory M1.

One of the services that can be borrowed according to the presentinvention is an information (for example songs, movies, . . . ) downloadservice; as already said, more and more in the future, these serviceswill be provided through a DRM [Digital Right Management] system thatallows enjoyment of the downloaded information only to e.g. onesubscriber by encrypting information through data specific of thissubscriber. In case of “identity exchange” and use of a DRM system, themobile telephone terminal T1 downloads from the mobile telephone networkN information encrypted through data specific of subscriber U1 (storedin card C1) even if the download is paid by the subscription associatedto subscriber U2.

As already said, the authorisation to use services by a secondsubscriber to a first subscriber is intended for a limited time.Basically, the termination of the authorisation may take place in threedifferent ways: (A) the mobile telephone network understands from thescope of the authorisation that the authorisation is exhausted (forexample the period of time is expired or the amount of credit is spent),(B) any of the mobile telephone terminals T1 and T2 informs the mobiletelephone network N that the authorisation is terminated due to the willof its subscriber, (C) any of the mobile telephone terminals T1 and T2detects that the short range communication channel CH is interrupted andconsequently informs the mobile telephone network N that theauthorisation is terminated due to technical problems.

A more detailed description of a specific embodiment of the presentinvention follows with no limitation purposes.

According to FIG. 2, a subscriber U1 having a mobile phone T1 (with aSIM card C1) starts a process whereby he asks to borrow e.g. a certainamount of credit from subscriber U2 having a mobile phone T2 (with a SIMcard C2) located in the vicinity (for example 1-10 meters) of mobilephone T1 in order to enjoy some kind of service provided by the networkoperator that issued both SIM cards C1 and C2; both SIM cards C1 and C2are provided also with short range communication capability inparticular through the ZigBee technology as described before and will bereferred to as ZSIM cards in the following. Flow chart of the behaviourof the two ZSIM cards C1 and C2 is shown in FIG. 3 and FIG. 4 while thesequence diagram is shown in FIG. 2.

Subscriber U1 selects from his “toolkit application menu” (a menu of theavailable applications on the SIM) the “Pay4Me” item [0]. It isimportant to note that the “toolkit application menu” is a standardfeature of mobile telephone terminals available on the market nowadays,and that a mobile telephone terminal do not need to be aware of thenature of the applications available on the SIM; therefore, no change isrequired to a standard mobile telephone terminal in order to implementthe “Pay4Me” new service.

A “Pay4Me” applet (in Client mode) on-board the ZSIM card C1 checks forthe presence of other ZSIM cards with the same applet on-board in thevicinity (depending on the actual radio coverage allowed by thetechnology and by the environment). ZSIM card C2 is in the vicinity andhas a “Pay4Me” applet on-board therefore the applet (in Server mode) oncard C2 will reply [1] to the applet (in Client mode) on card C1;subscriber U2 may be involved in such reply. A proximity communicationchannel CH is established [2] between the two ZSIM cards.

From a menu on terminal T1, subscriber U1 is prompted [3] to insert theamount of e.g. credit he wants to ask for. This value is sent toterminal T2 [4] through the proximity channel CH and subscriber U2 isasked [5] by terminal T2 to authorise the use of the requested e.g.credit to subscriber U1; for security reasons, the authorisation may besubject to the input of a PIN [Personal Identification Number] or otherequivalent security measures.

At this stage the two ZSIM cards C1 and C2 send messages (for exampleSMS, DTMF, USSD, . . . ) to the network N containing identification data(for example their IMSI codes) in order to inform the network N that anidentity exchange (indeed with some limitations) is requested (typicallyfor a limited period of time) between the two cards. In fact, ZSIM cardC1 sends a message [6] to inform the network N that it has asked for acertain amount of e.g. credit to ZSIM card C2 associated to a certainphone number; ZSIM card C2 sends a message [7] to inform the network Nthat it has (locally=i.e. through the proximity channel CH) authorizedZSIM card C1 to use this certain amount of e.g. credit.

The network N associates the authentication set of data, e.g. the GSMtriplets (in case of UMTS they would be quintuplets), calculated forZSIM card C1 to ZSIM card C2 and those for ZSIM card C2 to ZSIM card C1.

The following explanation refers only to terminal T1 and ZSIM card C1 asa specular explanation applies also to terminal T2; this simplification[13] applies to FIG. 2 as well.

Then the network N, using these swapped set, sends an authenticationrequest [8] to terminal T1 and ZSIM card C1. When ZSIM card C1 receivesthe challenge from the network N, it forward this request [9] to ZSIMcard C2 using the proximity channel CH. ZSIM card C2 calculates theresponse [10] and send it [11] to ZSIM card C1 using the proximitychannel CH. This response associated to ZSIM card C2 subscription issent [12] to the network N by ZSIM card C1 and terminal T1.

If the above process succeeds, the two subscribers U1 and U2 will haveexchanged their subscriptions and consequently their credits for alimited period of time. During this period the network N carries out allnecessary operations for guaranteeing that:

-   1. use by subscriber U1 of any service associated to his    subscription will consume the credit of subscriber U2, up to e.g.    the authorised amount,-   2. use by subscriber U1 of any local service associated to ZSIM card    C1 will be possible,-   3. use by subscriber U2 of any local service associated to ZSIM card    C2 will be possible,-   4. both subscribers U1 and U2 will preferably continue to receive    incoming phone calls and SMS messages addresses to their    identities/numbers through their terminals T1 and T2 (with ZSIM    cards C1 and C2).

As far as subscriber U2 and his subscription are concerned, threedifferent possibilities may be implemented according to the presentinvention: (a) use by subscriber U2 of any service associated to itssubscription will consume the credit of subscriber U1, (b) use bysubscriber U2 of any service associated to its subscription will consumethe credit of subscriber U2, (c) use by subscriber U2 of any serviceassociated to its subscription is temporarily disabled.

According to the above embodiment, the “identity exchange” or“subscription exchange” is transparent to the terminal. ZSIM card C1reads the IMSI code from ZSIM card C2 trough the proximity channel CHand vice versa ZSIM card C2 reads the IMSI code from ZSIM card C1 troughthe proximity channel CH. Both ZSIM cards C1 and C2 send an SMS message(or a USSD signalling) to the network N with the request to activate theservice and their new IMSI codes. The network N provides to exchangee.g. the GSM triplets and, from the next authentication request untilthe service termination, sends to Terminal T1 with ZSIM card C1 thechallenge associated to ZSIM card C2 and vice versa to Terminal T2 withZSIM card C2 the challenge associated to ZSIM card C1.

Alternatively, a different method could be used which is transparent tothe network N. ZSIM card C1 read the IMSI code of ZSIM card C2 from ZSIMcard C2 through the proximity channel CH and vice versa ZSIM card C2read the IMSI code of ZSIM card C1 from ZSIM card C1. Both ZSIM cardssend a toolkit command call REFRESH in order to restart the terminalinitialization procedure; when the terminal send a READ BINARY commandto read the IMSI code ZSIM card C1 provides the IMSI code of ZSIM cardC2 to the terminal T1 and ZSIM card C2 provides the IMSI code of ZSIMcard C1 to the terminal T2. The network N is not affected by thisexchange (due to the restart carried out by both ZSIM cards C1 and C2)and will believe that ZSIM card C1 is ZSIM card C2 as it has receivedfrom terminal T1 that IMSI code and vice versa that ZSIM card C2 is ZSIMcard C1 as it has received from terminal T2 that IMSI code. In thiscase, it is up to the network to reroute calls and/or messages and/ordata to the right terminal.

The process can end when one or both the subscribers U1 and U2 decide tostop it or when the proximity channel CH is interrupted. In the firstcase the process ends voluntarily and the network N is notified and canmake all the proper actions to restore the initial conditions. In thesecond case the process ends accidentally and a recovery procedure maybe necessary.

When one (or both) subscriber decides to stop the process he selects anappropriate menu item from his toolkit application menu. The connectionbetween the two ZSIM cards C1 and C2 through the proximity channel CH isterminated and both ZSIM card C1 and ZSIM card C2 send data to thenetwork N to inform it that the “identity exchange” or “subscriptionexchange” is terminated. At this time the network N restores the initialconditions both internally and with respect to the ZSIM cards.

As soon as one of the two ZSIM cards C1 or C2 understands that theproximity channel CH is interrupted, it displays on the correspondingmobile terminal a warning message and asks the user if he wants to tryto restore the channel and to continue the process previously startedprocedure with the other ZSIM card or he wants to end the process. Inthe latter case, the network N is promptly notified. It is to be noticedthat, according to an alternative and simpler solution, as soon as aZSIM card that detects interruption of the proximity channel it mayterminate the process and notify the network immediately without askinganything to the user.

Reference will now be made to the flow chart of FIG. 4 that refers tothe behaviour of ZSIM card C1 when its subscriber U1 sends a request ofa service according to the present invention and to the flow chart ofFIG. 5 that refers to the behaviour of ZSIM card C2 when its subscriberU2 receive a request of a service according to the present invention

The following steps take place in ZSIM card C1:

Step 3-1: ZSIM card C1 scans for ZSIM cards in the vicinity with anapplet “Pay4Me” enabled;

Step 3-2: ZSIM card C1 checks if such a ZSIM card is found; if NO step3-3 is carried out and if YES step 3-4 is carried out;

Step 3-3: ZSIM card C1 signals to the user that no suitable ZSIM wasfound;

Step 3-4: ZSIM card C1 prompts the user to select from a list ofsuitable ZSIM cards and receives the selection by the user;

Step 3-5: ZSIM card C1 prompts the user to input e.g. the amount ofdesired credit and receives the input by the user;

Step 3-6: ZSIM card C1 asks the selected ZSIM card for the authorisationto use the input amount of credit;

Step 3-7: ZSIM card C1 checks whether authorisation is granted by theselected ZSIM card; if NO step 3-8 is carried out and if YES step 3-9 iscarried out;

Step 3-8: ZSIM card C1 signals to the user that the authorisation forthe input amount of credit has not been granted by the selected ZSIMcard;

Step 3-9: ZSIM card C1 informs the network N that the authorisation hasbeen granted and that the “identity exchange” or “subscription exchange”is to be activated;

Step 3-10: ZSIM card C1 carries out a loop until the process isterminated; this loop provides for the steps 3-11, 3-12 and 3-13;

Step 3-11: ZSIM card C1 monitor the proximity channel CH for messages(in particular identification and authentication messages) from anexternal ZSIM card,

Step 3-12: ZSIM card C1 monitor terminal T1 for messages (in particularidentification and authentication messages) from the network N,

Step 3-13: ZSIM card C1 monitor terminal T1 for messages from the useror from the network N not relating to the “Pay4Me” service.

The following steps take place in ZSIM card C2:

Step 4-1: ZSIM card C2 scans for ZSIM cards in the vicinity with anapplet “Pay4Me” enabled;

Step 4-2: ZSIM card C2 checks if such a ZSIM card is found; if NO step4-3 is carried out and if YES step 4-4 is carried out;

Step 4-3: ZSIM card C2 signals to the user that no suitable (with anapplet “Pay4Me” enabled) ZSIM was found;

Step 4-4: ZSIM card C2 prompts the user to select from a list ofsuitable (with an applet “Pay4Me” enabled) ZSIM cards and receives theselection by the user;

Step 4-5: ZSIM card C2 receives from the selected ZSIM card the requestto use e.g. an amount of credit;

Step 4-6: ZSIM card C2 prompts the user to input his reply to therequested amount of credit;

Step 4-7: ZSIM card C2 checks whether authorisation is granted by theuser; if NO step 4-8 is carried out and if YES step 4-9 is carried out;

Step 4-8: ZSIM card C2 signals to ZSIM card C1 that the authorisationfor the input amount of credit has not been granted;

Step 4-9: ZSIM card C2 informs the network N that the authorisation hasbeen granted and that the “identity exchange” or “subscription exchange”is to be activated;

Step 4-10: ZSIM card C2 carries out a loop until the process isterminated; this loop provides for the steps 4-11, 4-12 and 4-13;

Step 4-11: ZSIM card C2 monitor the proximity channel CH for messages(in particular identification and authentication messages) from anexternal ZSIM card,

Step 4-12: ZSIM card C2 monitor terminal T1 for messages (in particularidentification and authentication messages) from the network N,

Step 4-13: ZSIM card C2 monitor terminal T1 for messages from the useror from the network N not relating to the “Pay4Me” service.

Step 3-11 and step 4-11 provide for the same (or almost the same)activities that are shown in more detail in the flow chart of FIG. 5;step 3-12 and step 4-12 provide for the same (or almost the same)activities that are shown in more detail in the flow chart of FIG. 6;step 3-13 and step 4-13 provide for the same (or almost the same)activities that are shown in more detail in the flow chart of FIG. 7.

FIG. 5 shows three consecutive steps:

Step 5-1: reception of an authentication request from an external ZSIMcard through the proximity channel CH;

Step 5-2: local computation of the authentication response;

Step 5-3: transmission of the authentication response to the externalZSIM card through the proximity channel CH.

FIG. 6 shows four consecutive steps:

Step 6-1: reception of an authentication request from the network N;

Step 6-2: forwarding of the authentication request to an external ZSIMcard through the proximity channel CH;

Step 6-3: reception of the authentication response from the externalZSIM card through the proximity channel CH;

Step 6-4: forwarding of the authentication response to the network N.

FIG. 7 shows two consecutive steps:

Step 7-1: reception of a request from the user or from the network N notrelating to the “Pay4Me” service;

Step 7-2: local generation and transmission of a response to thisrequest.

It is to be noted that a ZSIM card (C1;C2) receives requests from otherZSIM cards through the proximity channel CH by means of its internalshort range communication transceiver (S1;S2) and any other request(either from the user of from the network N) by means of its internalinterface (I1;I2). Requests from the network N are first received fromthe terminal (T1;T2) through its internal long range communicationtransceiver (L1;L2) and then forwarded to the ZSIM card (C1;C1) throughits interface (I1;I2); responses to the network N are generated by aZSIM card (C1;C2), then forward to the terminal (T1;T2) by means itsinternal interface (I1,I2), and finally transmitted to the network N bymeans of the long range communication transceiver (L1;L2).

It appears that a very specific aspect of the present invention and ofthe above described embodiment is that the SIM cards act as a filter ofrequests coming from the terminal and from the proximity channel andacts differently according to the type and source of request itreceives. If the request comes from the network (through the terminal)and is an authentication challenge, the challenge is sent to the otherSIM and the response from the other SIM is sent back to the terminal,which does not perceives the difference. If the request comes from theother SIM through the proximity channel and is an authenticationchallenge, the challenge is processed locally and the response is sentto the other SIM. If the request comes from the terminal and is relatedto a service that is on the SIM (but is not related to the “Pay4Me”service) the response is dealt with locally and the response is sent tothe terminal, without any involvement of the proximity channel.

As already said, in order to implement the present invention the use ofappropriate subscriber identification cards is necessary.

As already said, the present invention is applicable also to a scenariowherein the two subscriber identity cards C1 and C2 are respectivelyassociated to two different and distinct mobile telephone networks N1and N2 of two different mobile telephone operators; this is shown inFIG. 8.

In case of two networks and two operators, technical and commercialagreements between the two entities are in place.

Such agreements may be necessary from one side for rerouting callsand/or messages and/or data to the right terminal and from another sidefor correct billing.

The present invention provides also a specific subscriber identificationcard that is adapted to be used for implementing the above describedmethod; it is to be noted that even different subscriber identificationcards may be used to this purpose.

In general, a subscriber identification card (C1;C2) according to thepresent invention comprises an interface (I1;I2), a transceiver (S1;S2)and a processing unit (P1;P2); the interface (I1;I2) is adapted toconnection to a mobile telephone terminal (T1;T2) in order to allow longrange direct communication of the mobile telephone terminal (T1;T2) witha mobile telephone network (N1;N2); the transceiver (S1;S2) is adaptedto short range direct communication with other subscriberidentifications cards; the processing unit (P1;P2) stores a programadapted:

-   -   to control the transceiver (S1;S2) so that to transmit payment        authorisation requests and to receive corresponding payment        authorisation responses,    -   to control the transceiver (S1;S2) so that to receive payment        authorisation requests and to transmit corresponding payment        authorisation responses, and    -   to control the interface (I1;I2) so that to inform said mobile        telephone network of granted requests.

According to a first embodiment of the card, such subscriberidentification card (C1;C2) comprises a memory (M1;M2) storingsubscriber identification and authentication information relating to asubscriber (U1;U2) and the processing unit (P1;P2) stores a program thatduring a first operating mode (when no “identity exchange” is active) isadapted:

-   -   to control its interface (I1;I2) so that to receive        authentication requests relating to said subscriber (U1;U2) and        to transmit corresponding authentication responses relating to        said subscriber (U1;U2) based on said stored subscriber        identification and authentication information;        during a second operating mode (when “identity exchange” is        active) is adapted:    -   to control its interface (I1;I2) so that to receive        authentication requests relating to another subscriber (U2;U1)        and to transmit corresponding authentication responses relating        to said another subscriber (U2;U1),    -   to control its transceiver (S1;S2) so that to transmit        authentication requests relating to said another subscriber        (U2;U1) and to receive corresponding authentication responses        relating to said another subscriber (U2;U1),    -   to control its transceiver (S1;S2) so that to receive        authentication requests relating to said subscriber (U1;U2) and        to transmit authentication responses relating to said subscriber        (U1;U2).

Thanks to the software means of the card according to this firstembodiment, the subscriber authentication information (Ki) never leavesthe safe internal memory of the card.

According to a second embodiment of the card, such subscriberidentification card (C1;C2) comprising a memory (M1;M2) adapted to storepermanently subscriber identification and authentication informationrelating to a first subscriber (U1;U2—i.e. the “rightful subscriber”)and to store temporary subscriber identification and authenticationinformation relating to a second subscriber (U2;U1—i.e. the “lendingsubscriber”); the subscriber identification and authenticationinformation relating to a second subscriber (U2;U1) is received fromanother subscriber identification card (C2;C1) through the short radiocommunication transceiver (S1;S2).

Thanks to the software means of the card according to this secondembodiment, the subscriber identification information and (moreimportant) the subscriber authentication information of the secondsubscriber leaves the safe internal memory of a card (for example C2)but directly goes into the safe internal memory of another card (forexample C1); for further data security, the ZigBee technology is usedfor establishing an encrypted proximity channel between the cards.

The present invention, particularly its method, may find many differentapplications; in the following, a couple of practical examples will bedescribed within environments (mobile telephone network, mobiletelephone terminals, subscriber identification cards) implementing thepresent invention.

According to the first example, two friends, Bob and Alice, want toenjoy a new Hollywood comedy transmitted in Pay-per-View while being inmobility (e.g. they are waiting for a flight, or taking a long trainjourney). Alice has a DVB-H mobile handset with a DVB-H SIM card, whileBob's phone is not able to receive broadcast services. Bob offers to payfor the film because Alice's credit is over, or simply for giving her agift. Then Alice selects the operator's service “Pay4Me”, inserts thecost of the film and asks for Bob authorization. Once the credit requestis accepted by Bob, a temporary subscription exchange happens asdescribed above, and the two friends can watch the film.

The present invention may be used also within the context of DRM-enabledservices, as the following second example clarifies.

Alice is a registered user of an online mobile music service and has alarge collection of music tracks on her mobile phones. The music tracksshe buys from the aforementioned service are protected with OMA DRM 2.0technology in a way that none else but Alice herself is able to consumethe content (i.e. the content is bound to her SIM card, that has to beplugged in the phone at the time of consumption).

Alice is notified by her mobile operator about the possibility to buy anew song of her favourite music group at a discount price, as long asshe performs the purchase transactions within a short amount of time(e.g. the following ten minutes). Unfortunately, her personal credit isover and therefore she cannot complete the purchase.

Alice decides to ask her friend Bob for lending her some credit. Aliceselects the “Pay4Me” option from the user menu of her phone, inputs theamount of money required for the purchase and send a payment request tothe Bob's phone.

After Bob's acceptance, Alice is able to complete the purchasetransaction.

Although the payment is completed via Bob's SIM card credentials, theservice provider, that was previously notified about the temporaryidentity exchange between the Bob's and Alice's

SIM cards, can properly protect the usage license for the music track(i.e. bind the consumption of the content to Alice's SIM, whose detailsare known to the service provider itself for the purpose of applying theDRM protection) and subsequently deliver it to Alice's phone.

1: Method for enjoying a service through a mobile telephone terminalcomprising the steps of: A) providing a first mobile telephone terminalwith a first subscriber identification card associated to the with anidentity of a first subscriber, said first terminal being adapted tocommunicate with a first mobile telephone network by a long range radiocommunication transceiver, and said first card being adapted tocommunicate with other subscriber identification cards by a short rangeradio communication transceiver, said first card allowing the enjoymentof a service provided by said first mobile telephone network, B)providing a second mobile telephone terminal with a second subscriberidentification card associated with an identity of a second subscriber,said second terminal being adapted to communicate with a second mobiletelephone network by a long range radio communication transceiver, andsaid second card being adapted to communicate with other subscriberidentification cards by a short range radio communication transceiver,C) establishing a short range communication channel between said firstcard and said second card by their short range radio communicationtransceivers, D) transmitting from said first card to said second cardby said channel a request to authorise a payment to be charged to saidsecond subscriber for the benefit of said first subscriber, E)transmitting from said second card to said first card by said channel agrant of said payment authorisation request, F) informing said networksof said granted request to be implemented by said networks through theassociation of the identity of said first subscriber to said secondterminal and of the identity of said second subscriber to said firstterminal, and G) enjoying said service through said first terminal basedon said granted request. 2: Method according to claim 1, wherein before,during and after said step F both said first card and said second cardare active and operative in communicating together and with theassociated terminals. 3: Method according to claim 1, wherein said firstnetwork and said second network correspond to the same mobile telephonenetwork. 4: Method according to claim 1, wherein said request and/orgrant comprise information specifying an authorization scope. 5: Methodaccording to claim 4, wherein the authorisation scope of said requestcorresponds to the authorization scope of said grant. 6: Methodaccording to claim 4, wherein said request and/or grant compriseinformation specifying a period of time corresponding to anauthorization duration. 7: Method according to claim 4, wherein saidauthorisation request and/or grant comprise information specifying anamount of money corresponding to an authorized payment. 8: Methodaccording to claim 1, wherein said request and/or grant compriseinformation specifying a service to be enjoyed. 9: Method according toclaim 1, wherein said step F is carried out by both said first terminaland said second terminal through their long range radio communicationtransceivers. 10: Method according to claim 1, wherein said requestcomprises information specifying the identity of said first subscriber,and wherein said grant comprises information specifying the identity ofsaid second subscriber. 11: Method according to claim 10, wherein saidstep F provides that: F1) said first terminal requests said firstnetwork by its long range radio communication transceiver to beassociated with the identity of said second subscriber, and F2) saidsecond terminal requests said second network by its long range radiocommunication transceiver to be associated with the identity of saidfirst subscriber. 12: Method according to claim 1, wherein after saidstep F telephone calls addressed to said first subscriber are directedto said first terminal and telephone calls addressed to said secondsubscriber are directed to said second terminal. 13: Method according toclaim 1, wherein after said step F the exchange of identity between saidfirst terminal and said second terminal is effective for billingpurposes only. 14: Method according to claim 1, wherein before said stepF both said first terminal and said second terminal first deregisterfrom said networks and then register again to said networks. 15: Methodaccording to claim 1, wherein after said step F when said first networkrequests an identity authentication to said first terminal, said firstterminal collects an authentication response from said second card bysaid first card and said short range communication channel and transmitsthe collected authentication response to said first network, and whereinafter said step F when said second network requests an identityauthentication to said second terminal, said second terminal collects anauthentication response from said first card by said second card andsaid short range communication channel and transmits the collectedauthentication response to said second network. 16: Method according toclaim 1, wherein after said step F if said first terminal downloads fromsaid first network information encrypted through subscriber specificdata, said information is encrypted through data specific of said firstsubscriber associated with said first card. 17: Method according toclaim 1, wherein said step F provides that said networks are informed ofthe scope of said granted request and of the correspondingauthorization. 18: Method according to claim 1, wherein after said stepF said first terminal and/or said second terminal inform said networksthat said granted request and the corresponding authorization isterminated. 19: Method according to claim 18, wherein when any of saidfirst and second cards detects that said short range communicationchannel is interrupted any of said terminals inform any of said networksthat said granted request and the corresponding authorization isterminated. 20: Method according to claim 1, wherein said short rangecommunication channel is established through the ZigBee technology. 21:Subscriber identification card comprising an interface, a transceiverand a processing unit, said interface being adapted to connection to amobile telephone terminal in order to allow long range directcommunication of said mobile telephone terminal with a mobile telephonenetwork, said transceiver being adapted to short range directcommunication with other subscriber identifications cards, wherein saidprocessing unit stores a program adapted: to control said transceiver totransmit payment authorization requests and to receive correspondingpayment authorization responses, to control said transceiver to receivepayment authorization requests and to transmit corresponding paymentauthorization responses, and to control said interface to inform saidmobile telephone network of granted requests. 22: Subscriberidentification card according to claim 21, comprising a memory storingsubscriber identification and authentication information relating to asubscriber, wherein said processing unit stores a program that during afirst operating mode is adapted—: to control said interface to receiveauthentication requests relating to said subscriber and to transmitcorresponding authentication responses relating to said subscriber basedon said stored subscriber identification and authentication information;during a second operating mode is adapted—: to control said interface toreceive authentication requests relating to another subscriber and totransmit corresponding authentication responses relating to said anothersubscriber, to control said transceiver to transmit authenticationrequests relating to said another subscriber and to receivecorresponding authentication responses relating to said anothersubscriber, to control said transceiver to receive authenticationrequests relating to said subscriber and to transmit authenticationresponses relating to said subscriber. 23: Subscriber identificationcard according to claim 21, comprising a memory adapted to storepermanently subscriber identification and authentication informationrelating to a first subscriber and to store temporary subscriberidentification and authentication information relating to a secondsubscriber, said subscriber identification and authenticationinformation relating to a second subscriber being received from anothersubscriber identification card through said transceiver.